As Internet usage increases, Internet-based crime is blooming. One prevalent crime is “phishing”, which is an attempt to trick an Internet user into providing personal information to the phishing attacker. The information typically sought by phishing attackers is Internet user login information (e.g., the login name and password for an Internet user) and, sometimes, other information such as credit card information, birth date, birth place, and the like. The phishing attackers use the obtained Internet user information in order to steal the identity of the Internet user. For example, a phishing attack may be used in order to obtain information to impersonate the Internet user (e.g., to log into e-mail accounts, to authorize credit card transactions, and to perform similar actions in the name of the Internet user).
Phishing attackers may use various different schemes to launch phishing attacks. A phishing attacker may use Domain Name Service (DNS) spoofing to direct users to a website owned by the attacker when users enter a Uniform Resource Locator (URL) of a real website. The spoofed website owned by the attacker is often a good look-alike; not exactly the same as the real website, but sufficiently convincing to not alert the user. Sometimes, the spoofed website may even connect to the real website in the back-end, acting as a pass-through to the real website. Furthermore, phishing attackers may register a domain name that closely resembles a well-known domain name (e.g., registering www.googel.com instead of www.google.com to attack users that mistype the real domain name).
In such schemes, where phishing attackers use DNS spoofing, the phishing attackers may wait until users enter the URL in an attempt to access the legitimate website or, alternatively, the phishing attackers may launch the attack by sending emails or instant messages to users that contain links to the spoofed website that is imitating the legitimate website. Where the phishing attacker launches the attack, the emails or instant messages appear to originate from the legitimate server of the legitimate website (e.g., by faking email addresses and using text and images similar to those commonly used by the legitimate websites). Unfortunately, users are often duped into clicking on the links included in the phishing emails and instant messages.
Many attempts have been made to prevent phishing attacks. For example, such attempts include dedicated hardware solutions, one-time passwords, server-side certificates, graphical indications of security level (e.g., displaying an icon representing a padlock if the website displayed in the Internet browser is secure), client-side browser extensions (e.g., to check for typical signs of phishing, such as checking website URLs and checking the syntax of presented website pages), and blacklists (e.g., maintaining lists of phishing webpages locally on a client or remotely on a server). Furthermore, static information is sometimes displayed to the user during login for use by the user in determining whether the website is legitimate.
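As an added example that is not part of the patent text, the following Python implements the kind of URL check a client-side browser extension or mail filter might perform against a list of protected domains before a user follows a link; the protected-domain list and the sample URLs are constructed for illustration. It uses a transposition-aware edit distance because the lookalike named above, www.googel.com, differs from www.google.com by one swapped pair, which plain Levenshtein distance would count as two edits.

```python
# Added example (not from the patent): flag lookalike domains of the
# "googel.com vs google.com" kind. Brand list and URLs are constructed.
from urllib.parse import urlsplit

# Constructed list of legitimate registrable domains to protect.
PROTECTED_DOMAINS = {"google.com", "example-bank.com"}

def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insertion, deletion, substitution
    and transposition of two adjacent characters each cost 1. The
    transposition rule is what makes 'googel' one edit from 'google'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def registrable_domain(url: str) -> str:
    """Lower-cased host with a leading 'www.' removed. Simplified on purpose:
    production code should use the Public Suffix List to find the
    registrable part instead of this prefix strip."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, protected=PROTECTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for a URL's host."""
    dom = registrable_domain(url)
    if dom in protected:
        return "legitimate"
    for good in protected:
        if dom.endswith("." + good):          # genuine subdomain of a protected domain
            return "legitimate"
        if dom.startswith(good + ".") or ("." + good + ".") in dom:
            return "lookalike"                # brand used as a label of another host
        if damerau_levenshtein(dom, good) <= max_distance:
            return "lookalike"                # typo or transposition of the brand
    return "unknown"
```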
Disadvantageously, despite these attempts to prevent phishing attacks, users are still easily tricked by phishing attacks. For example, users often fail to check the validity of a website and, further, when they do check, users typically cannot tell the difference between a valid certificate and an invalid certificate. Furthermore, as phishing attempts proliferate and users become more educated about them, users are becoming more skeptical of clicking on links in emails and instant messages purporting to be from legitimate senders. While this reduces the success of phishing attacks, it also significantly impacts the ability of legitimate providers to contact their own users for legitimate reasons. Therefore, there is clearly a need for an improved technique for preventing phishing attacks.